
Information Security Update CTC 18 March 2015 Julianne Tolson.



Presentation transcript:

Slide 1: Information Security Update, CTC, 18 March 2015, Julianne Tolson

Slide 2: What is Information Security?
"Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical)."
Source: Wikipedia, http://en.wikipedia.org/wiki/Information_security

Slide 3: CSU Information Security Policy
It is the collective responsibility of all users to ensure:
- Confidentiality of information which the CSU must protect from unauthorized access
- Integrity and availability of information stored on or processed by CSU information systems
- Compliance with applicable laws, regulations, and CSU/campus policies governing information security and privacy protection
Source: ICSUAM, http://www.calstate.edu/icsuam/sections/8000/index.shtml

Slide 4: Information Security Standards
- ISO 27000, 27001, 27002, 27003: http://en.wikipedia.org/wiki/ISO/IEC_27000
- NIST Cyber Security Framework (NIST CSF): http://www.nist.gov/cyberframework/

Slide 5: How is Information Security Achieved?
A strategic partnership between stakeholders that includes:
- Risk management
- Controls
- Access control

Slide 6: Risk Management / Assessment
- Establish context
- Risk assessment: physical / logical threats, vulnerabilities
- Risk mitigation: reduce, retain, avoid, transfer
- Monitor and control

Slide 7: Risk Management examples
- Business continuity planning
- Offsite back-ups
- Patching and updates
- Qualys: vulnerability scans, web application scans, BrowserCheck (Business Edition)

Slide 8: Qualys BrowserCheck Business Edition demo
1. Sign up
2. Configure
3. Distribute link: https://browsercheck.qualys.com/?uid=e60a1eceb95f467c8d725858c5595b88
4. Monitor
Users will be prompted to take action when vulnerabilities are detected.
https://www.qualys.com/forms/browsercheck-business-edition/

Slide 9: Controls
- Administrative: policies and procedures, background checks, FERPA, PCI, HIPAA
- Logical: intrusion detection, firewalls, encryption, principle of least privilege
- Physical: environment, separation of duties

Slide 10: Controls examples
- Responsible use policy
- Identity Finder
- Intrusion detection: PAN and FireEye
- Information Security Awareness
Discussion topic: How to get the word out?

Slide 11: Access control
- Identification
- Assurance
- Authorization: mandatory access control, discretionary access control
- Authentication: multi-factor authentication

Slide 12: Access control example
- Multi-factor authentication: DuoSecurity pilot
- Action item: Review any discretionary access control you have granted
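Slides 11 and 12 list mandatory and discretionary access control side by side and ask owners to review the discretionary grants they have made. The following example, written for this transcript and not taken from the presentation or from any CSU system, shows the difference in working code: a discretionary grant is made by a resource owner, a mandatory check compares a clearance against a classification label and cannot be overridden by the owner, and a read is allowed only when both pass. The classification levels, user names and resource names are assumptions chosen for the example; the last function produces the kind of listing the slide's review action item needs.

```python
from dataclasses import dataclass, field

# Hypothetical classification labels, lowest to highest (an assumption for this example)
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass
class Resource:
    name: str
    owner: str
    label: str                                # mandatory (MAC) classification label
    acl: dict = field(default_factory=dict)   # discretionary (DAC) grants: user -> {perm, ...}


def dac_grant(resource, grantor, grantee, perm):
    """Discretionary access control: only the owner decides who else gets access."""
    if grantor != resource.owner:
        raise PermissionError(f"{grantor} does not own {resource.name}")
    resource.acl.setdefault(grantee, set()).add(perm)


def dac_allows(resource, user, perm):
    """The owner always has access; anyone else needs an explicit grant."""
    return user == resource.owner or perm in resource.acl.get(user, set())


def mac_allows(clearance, resource):
    """Mandatory access control: a label comparison the resource owner cannot override."""
    return LEVELS[clearance] >= LEVELS[resource.label]


def can_read(user, clearance, resource):
    # Both layers must pass: the mandatory label policy and the owner's discretionary grant.
    return mac_allows(clearance, resource) and dac_allows(resource, user, "read")


def discretionary_grants_by(owner, resources):
    """Every DAC grant an owner has made, i.e. the review the slide's action item asks for."""
    return sorted(
        (r.name, grantee, perm)
        for r in resources if r.owner == owner
        for grantee, perms in r.acl.items()
        for perm in perms
    )


def demo():
    # Constructed data: alice owns two resources and delegates read access on each.
    hr_data = Resource("hr_data", owner="alice", label="confidential")
    memo = Resource("memo", owner="alice", label="internal")
    dac_grant(hr_data, "alice", "bob", "read")
    dac_grant(memo, "alice", "carol", "read")
    return {
        # bob holds a grant, but an "internal" clearance fails the mandatory check
        "bob_internal": can_read("bob", "internal", hr_data),
        # with a "confidential" clearance both checks pass
        "bob_confidential": can_read("bob", "confidential", hr_data),
        # carol is cleared but was never granted access to hr_data
        "carol_confidential": can_read("carol", "confidential", hr_data),
        "grants": discretionary_grants_by("alice", [hr_data, memo]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the two-layer check makes is that a discretionary grant by itself proves nothing about whether access is appropriate: a label-based policy still applies on top of it, and a periodic listing of one's own grants is how the owner finds delegations that should no longer exist.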

Slide 13: Security Incident Response
- Assessing current process
- Incident categorization
- Response by incident category: server, account, endpoint
- Forensic tools
- Event logs & analysis
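Slide 13 pairs incident categorization (server, account, endpoint) with event log analysis. As an added example that is not from the presentation, the script below parses a handful of constructed log lines in a simple key=value format, assigns each event to one of the three categories with keyword rules, and then aggregates repeated failed logins per host, user and source address so that a burst of failures surfaces as one account incident rather than three unrelated lines. The log format, the rule keywords, the hostnames and the addresses are all assumptions made up for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events in a made-up key=value format (not from the presentation)
SAMPLE_LOG = """\
2015-03-18T08:01:12 host=ws-042 source=antivirus msg="Malware detected in C:\\Users\\jdoe\\Downloads\\invoice.exe, quarantined"
2015-03-18T08:03:45 host=web01 source=sshd msg="Failed password for admin from 198.51.100.23 port 51234"
2015-03-18T08:03:47 host=web01 source=sshd msg="Failed password for admin from 198.51.100.23 port 51236"
2015-03-18T08:03:49 host=web01 source=sshd msg="Failed password for admin from 198.51.100.23 port 51238"
2015-03-18T08:10:02 host=web01 source=httpd msg="worker process crashed with segfault, restarting"
2015-03-18T08:12:40 host=web01 source=sshd msg="Accepted password for deploy from 192.0.2.10 port 40001"
"""

# One event per line: timestamp, host, source and a quoted message
LINE_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) source=(?P<source>\S+) msg="(?P<msg>.*)"$')

# Keyword rules for the three categories on the slide; first match wins
CATEGORY_RULES = [
    ("Endpoint", re.compile(r"malware|quarantined", re.I)),
    ("Account", re.compile(r"(failed|accepted) password|account locked|password reset", re.I)),
    ("Server", re.compile(r"segfault|crashed|configuration change", re.I)),
]

FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")


def parse_line(line):
    """Return the event fields as a dict, or None for a line that does not match the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def categorize(event):
    for category, pattern in CATEGORY_RULES:
        if pattern.search(event["msg"]):
            return category
    return "Uncategorized"


def count_by_category(log_text):
    """Incident categorization: how many events fall into each response category."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            counts[categorize(event)] += 1
    return counts


def failed_login_bursts(log_text, threshold=3):
    """Analysis step: group failed logins by (host, user, source ip) and report those at or above threshold."""
    attempts = defaultdict(int)
    for line in log_text.splitlines():
        event = parse_line(line)
        if not event:
            continue
        m = FAILED_RE.search(event["msg"])
        if m:
            attempts[(event["host"], m["user"], m["ip"])] += 1
    return sorted((h, u, ip, n) for (h, u, ip), n in attempts.items() if n >= threshold)


if __name__ == "__main__":
    print(dict(count_by_category(SAMPLE_LOG)))
    for host, user, ip, n in failed_login_bursts(SAMPLE_LOG):
        print(f"account incident: {n} failed logins for {user} on {host} from {ip}")
```

Keyword rules of this kind are only a starting point for categorization; the aggregation function is the more useful part, because the response owner for an account incident needs the host, user and count, not the raw lines.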

Slide 14: Questions?




